Highlights from our work in 2019

2019 was the year when we worked in more business sectors to help with Information and Cyber Security and data protection requirements. ISO27001: helped 3 SMEs get ISO27001 certification; worked with 4 organisations on their ISO27001 surveillance programmes. This included updating risk assessments, doing internal audits and running desktop tests of business continuity plans…

Data Protection with a hard Brexit – you might not need a representative in the UK

Several companies have made claims similar to “EU companies required to appoint UK Representative if there is a NO DEAL Brexit”. The headlines are wrong. I checked the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 and with the ICO. EU companies MAY need to appoint a UK representative, but if…

CCTV and privacy – what you need to do

The majority of offices use CCTV as part of their security measures to protect the perimeter of buildings and/or to monitor restricted areas. There is nothing wrong in doing this providing a legal basis for processing the personal data (images) is established, you tell people what it is used for and meet any requirements laid…

GDPR – Large scale processing

The GDPR refers to large scale processing several times. Questions about what is meant by this come up on a regular basis. We have produced a short video with details on factors to consider, examples of large scale processing and examples of what isn’t large scale processing. Get in touch if you need help with…

Are you meeting the GDPR Accountability principle?

Meeting the General Data Protection Regulation (GDPR) requirements isn’t a one-off ‘set and forget’ activity. Ongoing work is needed to ensure the requirements continue to be met; this is covered by the Accountability principle in Article 5. It states that the controller “shall be responsible for, and be able to demonstrate compliance with, paragraph 1”; and…

CNIL – causes of reported data breaches (May – October 2018)

The CNIL (the French Data Protection Authority) received 742 notifications of personal data breaches (and see the original report in French) that affected over 33 million individuals located in France or elsewhere. 695 related to confidentiality breaches. The accommodation and food services sector had the highest number of breaches – 185. This is due to a specific case…

#GDPR – number of complaints in the first month

IAPP has published details about the number of complaints received by different data protection authorities (DPAs) in the first month after the GDPR started to be enforced. It isn’t a full picture as there are no details from Croatia, Cyprus, Finland, Germany, Greece, Hungary, Italy, Latvia, Lithuania, Luxembourg, Poland, Portugal and Spain. The accuracy and consistency of…

How to track down your personal data (Data Mapping)

One of the early stages to prepare for the General Data Protection Regulation (GDPR) is identifying the Personal Data you process; this blog provides a framework to build a Personal Data Inventory. An inventory is not a requirement of the GDPR, but it is a good way to build up a picture of the personal…

Legitimate Interests – 3 part test

Legitimate interests (LI) is one of the lawful bases for processing personal data. The ICO say it is appropriate “where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing”. The three parts to the test to identify a LI have been…

Accountability and Governance – Documentation #GDPR #DPB

Details of documentation requirements for Accountability and Governance under the GDPR and Data Protection Bill are on the ICO website. A mind map has been created to act as a quick reference. Click on the image to view the full-size mind map. You can use the Checklist on the ICO website page to track what…